Help with popups

By jedimullet
Dec 30, 2008
Topic Status:
Not open for further replies.
  1. I've recently been getting popups from sagipsul and various other sites and I found this forum after some searching. I've done the 8 step virus etc removal instructions and I think it has solved the problem. But I will post the logs just incase:
  2. Drowsiness

    Drowsiness Newcomer, in training Posts: 47

    Where these logs pre or post 8-step Program(tm)?
  3. jedimullet

    jedimullet Newcomer, in training Topic Starter

    they are post
  4. BlkHeartWolf

    BlkHeartWolf Newcomer, in training Posts: 160

    Right Click on MyComputer icon and go to properties
    Turn Off system restore
    open IE and go to TOOLS OPTIONS delete temporary internet files and cookies
    do a disk cleanup in your Start/accessories/system tools/ Menu

    Download VUNDO and save it to your desktop

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files,
    click YES
    Once you click yes, your desktop will go blank as it starts removing
    Vundo.
    When completed, it will prompt that it will reboot your computer,
    Click ok

    After the reboot
    download malwarebytes www.malwarebytes.org and install
    run hijackthis and malwarebytes at the same time
    select any files and or keys in the list posted in Hijackthis
    but on both maiwarebytes and hijackthis click fix at the same time.then reboot immediatly.
    if you forget to turn off system restore it will return no matter

    reboot once complete, run hijack this and post your log here again.

    When we are finished remember to turn on system restore once clean



    C:\DOCUME~1\Matt\LOCALS~1\Temp\ose00000.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe

    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
    O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
    O15 - Trusted Zone: http://update.randhi.com (HKLM)
    O16 - DPF: NTLSignup - https://register.tesco.net/tesco/NTLSignup.cab

    O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl7bd.cab

    O20 - AppInit_DLLs: avgrsstx.dll urtxok.dll

    O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)

    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
  5. jedimullet

    jedimullet Newcomer, in training Topic Starter

    ok I've done that and here's the new log:
  6. BlkHeartWolf

    BlkHeartWolf Newcomer, in training Posts: 160

    Looks clean tom me how is it working
    WOLF
  7. jedimullet

    jedimullet Newcomer, in training Topic Starter

    I haven't had any popups since the step guide so I think all is well, thanks.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.